
Tracy Marshall assists clients with a range of business and regulatory matters.

In the business and transactional area, Ms. Marshall advises for-profit and non-profit clients on corporate organization, operations, and governance matters, and assists clients with structuring and negotiating a variety of transactions, including purchase and sale, marketing, outsourcing, and e-commerce agreements.

In the privacy, data security, and advertising areas, she helps clients comply with privacy, data security, and consumer protection laws, including laws governing telemarketing and commercial e-mail messages, contests and sweepstakes, endorsements and testimonials, marketing to children, and data breach notification. Ms. Marshall also helps clients establish best practices for collecting, storing, sharing, and disposing of data, and manage outsourcing arrangements and transborder data flows. In addition, she assists with drafting and implementing internal privacy, data security, and breach notification policies, as well as public privacy policies and website terms and conditions.

As to intellectual property matters, Ms. Marshall helps clients protect their copyrights and trademarks through registration, enforcement actions, and licensing agreements.

She also represents clients in proceedings before the Federal Communications Commission and Federal Trade Commission.

Ms. Marshall is a Certified Information Privacy Professional (CIPP/US) through the International Association of Privacy Professionals (IAPP) and a contributing author of the Consumer Protection Connection blog and Beyond Telecom Law Blog.

On January 7, 2020, the National Institute of Standards and Technology (NIST) released a draft of revised cybersecurity recommendations for IoT devices at both the pre-market and post-market stages. NISTIR 8259, Recommendations for IoT Device Manufacturers: Foundational Activities and Core Device Cybersecurity Capability Baseline, identifies six voluntary steps manufacturers should take to account

Businesses that rely on standard contractual clauses (SCCs) to transfer personal data outside the European Economic Area (EEA) just got good news. The long-awaited decision from the EU Advocate General (AG) is here: SCCs are valid. The AG’s opinion, although non-binding, is significant for the case brought by Austrian privacy activist Max Schrems against Facebook,

From beauty gurus on Instagram to product reviewers on YouTube, influencers are big business for brands. However, the intentions aren’t always clear when reading the advice of a celebrity fitness trainer who was paid for his endorsement or watching a video of a fashionista who just received a new wardrobe from the clothing company she

You know that movie where a person thinks they’ve barricaded themselves in their house against a stalker, only to grasp the awful realization that the threat is “coming from inside the house”? Unbeknownst to you, that threat may, in fact, be coming from your smartphone, according to a complaint by the Federal Trade Commission (FTC).

Facebook is facing some big changes after the Federal Trade Commission (FTC) settled with the social media giant over charges that it violated an earlier consent agreement. The company will pay a penalty of $5 billion, which is not only the biggest privacy fine in history, but also, according to FTC commissioner Noah Phillips, “almost

After protracted litigation, the Federal Trade Commission (FTC) entered into a proposed settlement with computer software manufacturer D-Link over charges that the company misrepresented the security of its wireless routers and Internet-connected cameras and failed to take reasonable software testing and remediation measures to protect the devices.

As we previously reported, part of the

Earlier this week, the UK Information Commissioner’s Office (ICO) announced its intent to fine British Airways £183,390 million ($230 million) and its intent to fine Marriott International more than £99 million ($123 million) for violations of the General Data Protection Regulation (GDPR) arising out of data breaches. The ICO investigated the breaches as the lead

Nearly three years after the EU-U.S. Privacy Shield framework replaced the U.S.-EU Safe Harbor as a mechanism to transfer personal data from the European Union to the United States, the Federal Trade Commission (FTC) continues to monitor companies’ claims regarding participation. As we previously reported, the FTC has taken actions against several companies over